Friday, October 1, 2010

A few weeks ago I showed how you can keep your system safe from vulnerable and exploitable plug-ins when using Google Chrome entirely through built-in features.

In the latest build of Chromium, the open-source project behind the Google Chrome browser, which was pushed out today, two more security features were spotted: built-in XSS protection and a feature that automatically disables outdated plug-ins.

The XSS Auditor feature aims to protect the user from certain XSS attacks on malicious web sites. It improves the user’s security, but it might not be compatible with all web sites.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting is one of the most common types of attack on sites that are based on user-generated or user-submitted content, like message boards and social networking sites. The recent attack on Orkut by the 'Bom Sabado' worm and the one on Twitter were XSS exploits.

The other security feature allows the browser to automatically disable plug-ins with known security vulnerabilities and offer update links for them.

Outdated plug-ins create another loophole for hackers to gain control of your system. Chrome already warns about outdated plug-ins and can update Flash without even bothering the user. Any other out-of-date plug-ins will be disabled.

Both new features are available under the Labs section, which is accessible by typing about:labs in the address bar.